Supported Operating Systems

Division: 

Administration and Finance

Department: 

Information Technology Services

Contact Information: 

Nish Malik / Associate Vice President and Chief Information Officer, Information Technology Services / (415) 405-4105 / nish@sfsu.edu

Effective Date: 

Thursday, September 16, 2021

Revised Date: 

Thursday, October 21, 2021

Authority: 

ICSUAM 8070 - Information Systems Acquisitions, Development and Maintenance

ICSAM 8045.S200 - Malicious Software Protection

Objective: 

The purpose of this policy is to ensure that university owned endpoints, servers, and network-connected devices, excluding Internet of Things (IOT) devices, are running operating systems which can be updated to address cybersecurity vulnerabilities.

Statement: 

Implementation

Responsibility for implementing this policy will rest with the appropriate functional campus areas. The ITS Information Security Office is responsible for periodically auditing the SF State network for outdated operating systems and working with the functional campus areas to put in place risk acceptance documents for assets with non-supported operating systems that must remain on the network for more than 60 days after support ends.

Submit any apparent violation of this policy to the appropriate administrative authority (vice president, dean, director, department, or program chair) or to service@sfsu.edu.

Non-Compliance

Noncompliance with applicable policies may result in suspension of network access privileges. Campus functional areas hosting critical services that cannot be migrated quickly must file a risk acceptance form with the Security Team. In addition, disciplinary action may be applicable under other University policies, guidelines, implementing procedures, or collective bargaining agreements.